Hackers are not the only ones busy developing harmful, security-breaching code. Adopting the hacker-mindset, security researchers are also hard at work writing code with the intent to infiltrate ERP systems. Researchers’ efforts, however, will most likely help organizations rather than harm them.
What researchers have discovered should not go unnoticed. Relying on nothing but a basic understanding of cyber-hacking, researchers were able to develop a code capable of accessing detailed and sensitive information from a Microsoft ERP system database. The code not only accessed the database but it did so undetected.
As researchers discovered, cybercrime can often go undetected even by sophisticated anti-virus software. Unbeknownst to the organization, hackers can use their cleverly developed code to access financial management systems and any business information they can get their hands on. Analysts working with SAP systems found that hackers have no need of security credentials in order to carry out these attacks. According to the Norton Cybercrime Report, the direct cash costs of money stolen through cybercrime totaled $114 billion in 2011. The report also noted that $247 billion worth of time has been lost to the efforts of recovering from cybercrime.
One reason hackers have it so easy is that most organizations aren’t truly aware of the risks. Because of the challenges of updating customized ERP systems, many organizations skip the hassle of “patching” and updating their ERP software on a regular basis. But overlooking the importance of software upgrades and IT testing can leave organizations vulnerable to even the most rudimentary cyber attacks.
Organizations with a solid IT strategy are more prepared for these attacks. They have built a strong relationship with their ERP vendor and they are not intimated by the idea of software upgrades. A solid IT strategy can also ensure that customization only takes place in areas contributing to an organization’s competitive advantage, and less customization can reduce the pain and expense of upgrades. Because of the financial and operational risk cybercrime poses, many organizations choose to hire independent ERP consultants to develop an IT strategy that helps prevent hackers from accessing the most vital parts of their ERP system.
Minimizing risk is key to any successful ERP implementation and organizations should not overlook the threat of cybercrime. ERP vendors can provide ongoing maintenance and support but your organization’s best bet for fighting cybercrime is hiring an independent ERP consultant who recognizes the importance of contingency planning and developing a solid IT strategy.
To learn more about minimizing risk in your ERP implementation, download our 2013 ERP Report.